Lead and Govern




EO 13636: Improving Critical 
Infrastructure Cybersecurity 


DoDD 8000.01 

Management of the DOD Information 
Enterprise 


PPD 21: Critical Infrastructure Security 
and Resilience 


DoDI 8500.01 
Cybersecurity 


National Strategy for Information 
Sharing and Safeguarding 

U.S. Int’l Strategy for Cyberspace 

25 Point Implementation Plan to 
Reform Federal IT Mgt. 

NIST Framework for Improving 
Critical Infrastructure Cybersecurity 

Quadrennial Defense Review (QDR) 
Report 

National Defense Strategy (NDS) 

CNSSP-24 

Policy on Assured Info Sharing (AIS) 
for National Security Systems (NSS)

The DoD Cyber Strategy 

DoD Defending Networks, Systems 
and Data Strategy 


DoD Cyber, Identity & Information 
Assurance Strategic Plan 

National Military Strategy (NMS) 

National Military Strategy for 
Cyberspace Operations (NMS-CO) 

National Military Strategic Plan for the 

War on Terrorism
Policies and Issuances
Design for the Fight




SP 800-119 

Guidelines for the Secure Deployment 
of IPv6 

Common Criteria Evaluation and 
Validation Scheme (CCEVS) 

CNSSP-11 

Nat’l Policy Governing the Acquisition 
of IA and IA-Enabled IT

DFARS 

Subpart 208.74, Enterprise Software 
Agreements 

DoDD 5000.01

The Defense Acquisition System

DoDD 7045.20 

Capability Portfolio Management 

DoDD 8115.01 

IT Portfolio Management 

DoDI 5000.02 

Operation of the Defense Acquisition 
System 

DoDI 5200.44 

Protection of Mission Critical Functions 
to Achieve TSN 

DoDI 7000.14 

Financial Management Policy and 
Procedures (PPBE) 

DoDI 8115.02 

IT Portfolio Management 
Implementation 

DoDI 8330.01 

Interoperability of IT and National 
Security Systems (NSS) 

DoDI 8510.01 

Risk Management Framework 
for DoD IT 

DoDI 8580.1 

Information Assurance (IA) in the 
Defense Acquisition System 

RMF Knowledge Service 

DoD CIO Memo 

Interim Guidance on Networthiness of 
IT Connected to DoD Networks 

MOA between DoD CIO and ODNI CIO 
Establishing Net-Centric Software 
Licensing Agreements 

DoD CIO G&PM 12-8430 
Acquiring Commercial Software 

DODAF (Version 2.02) 

DoD Architecture Framework 

CJCSI 3170.01I

Joint Capabilities Integration and 
Development System (JCIDS) 

CJCSI 6212.01F

Net Ready Key Performance 
Parameter 

Joint Publication 6-0 

Joint Communications System 

Alignment Framework for the GIG IA 
Architecture (AFG) version 1.1 

IA Component of the GIG Integrated 
Architecture, v1.1

IATF Release 3.1 

Information Assurance Technical 
Framework 

CNSS 

National Secret Fabric Architecture 
Recommendations 
Develop the Workforce


CNSSD-500 

Information Assurance (IA) Education, 
Training, and Awareness 


NSTISSD-501 

National Training Program for 
INFOSEC Professionals 

NSTISSI-4000 

COMSEC Equipment Maintenance
and Maintenance Training 

NSTISSI-4011 

National Training Standard for 
INFOSEC Professionals 

CNSSI-4012 

National IA Training Standard for 
Senior Systems Managers 

CNSSI-4013 

National IA Training Standard For 
System Administrators (SA) 

CNSSI-4014 

National IA Training Standard For 
Information Systems Security Officers 

NSTISSI-4015 

National Training Standard for System 
Certifiers 

CNSSI-4016 

National IA Training Standard For Risk 
Analysts 

DoDD 8140.01 

Cyberspace Workforce Management 

DoD 8570.01-M 

Information Assurance Workforce 
Improvement Program 


DoDI 8550.01 

DoD Internet Services and Internet- 
Based Capabilities 


Partner for Strength 


SP 800-144 

Guidelines on Security and Privacy in 
Public Cloud Computing 

SP 800-171 

Protecting CUI in Nonfederal Info 
Systems and Organizations 

CNSSP-14 

National Policy Governing the Release 
of IA Products/Services... 

CNSSI-1253 

Security Categorization and Control 
Selection for Nat’l Security Systems 

CNSSI-1253F, Atchs 1-5 

Security Overlays 

CNSSI-4007 

Communications Security (COMSEC) 
Utility Program 

CNSSI-4008 

Program for the Mgt and Use of Nat’l 
Reserve IA Security Equipment 

DoDI 5205.13 

Defense Industrial Base Cyber 
Security / IA Activities 

DoD 5220.22-M 

National Industrial Security Program 
Operating Manual (NISPOM) 

ICD 503 

IT Systems Security Risk Management 
and C&A 


Secure Data in Transit 


FIPS 140-2 

Security Requirements for 
Cryptographic Modules 

SP 800-153 

Guidelines for Securing Wireless Local 
Area Networks 

CNSSP-1 

National Policy for Safeguarding and 
Control of COMSEC Material 

CNSSP-15 

Use of Pub Standards for Secure 
Sharing of Info Among NSS 

CNSSP-17 

Policy on Wireless Communications: 
Protecting Nat’l Security Info 

CNSSP-19 

National Policy Governing the Use of 
HAIPE Products 

CNSSP-25 

National Policy for PKI in National 
Security Systems 

NSTISSP-101 

National Policy on Securing Voice 
Communications 

NACSI-2005

Communications Security (COMSEC) 
End Item Modification 

CNSSI-5000 

Guidelines for Voice Over Internet 
Protocol (VoIP) Computer Telephony 

CNSSI-5001 

Type-Acceptance Program for VoIP 
Telephones 

NACSI-6002 

Nat’l COMSEC Instruction Protection of 
Gov’t Contractor Telecomm’s 

NSTISSI-7003 

Protective Distribution Systems (PDS) 

DoDD 8100.02 

Use of Commercial Wireless Devices, 
Services, and Tech in the DoD GIG 

DoDD 8521.01E 

Department of Defense Biometrics 

DoDI 4650.01 

Policy and Procedures for Mgt and Use 
of the Electromagnetic Spectrum 

DoDI 8100.04 

DoD Unified Capabilities (UC) 

DoDI 8420.01 

Commercial WLAN Devices, Systems, 
and Technologies 

DoDI 8523.01 

Communications Security (COMSEC) 

DoDI S-5200.16 

Objectives and Min Stds for COMSEC 
Measures used in NC2 Comms 

CJCSI 6510.02D 

Cryptographic Modernization Plan 

CJCSI 6510.06B 

Communications Security Releases to 
Foreign Nations 







Manage Access 


HSPD-12 

Policy for a Common ID Standard for 
Federal Employees and Contractors 

M-05-24 

Implementation of HSPD-12 

FIPS 201-2 

Personal Identity Verification (PIV) of 
Federal Employees and Contractors 

CNSSP-3 

National Policy for Granting Access to 
Classified Cryptographic Information 

CNSSP-16 

National Policy for the Destruction of 
COMSEC Paper Material

CNSSI-1300 

Instructions for NSS PKI X.509 

NSTISSI-3028 

Operational Security Doctrine for the 
FORTEZZA User PCMCIA Card 

NSTISSI-4001 

Controlled Cryptographic Items 

NSTISSI-4003 

Reporting and Evaluating COMSEC
Incidents 

CNSSI-4005 

Safeguarding COMSEC Facilities and 
Materials, amended by CNSS-008-14 

NSTISSI-4006 

Controlling Authorities for COMSEC
Material 

DoDD 1000.25 

DoD Personnel Identity Protection 
(PIP) Program 

DoDI 5200.08 

Security of DoD Installations and 
Resources and the DoD PSRB 

DoDI 8520.02 

Public Key Infrastructure (PKI) and 
Public Key (PK) Enabling 

DoDI 8520.03 

Identity Authentication for Information 
Systems 

DoDM 1000.13, Vol. 1 

DoD ID Cards: ID Card Life-cycle 


Assure Information Sharing 


Understand the Battlespace 






FIPS 199 

Standards for Security Categorization 
of Federal Info. and Info. Systems


SP 800-59 

Guideline for Identifying an Information 
System as a NSS 


SP 800-60 R1 

Guide for Mapping Types of Info and 
Info Systems to Security Categories 


SP 800-92 

Guide to Computer Security Log 
Management 


SP 800-101, R1 

Guidelines on Mobile Device Forensics 


NISTIR 7693 

Specification for Asset Identification 1.1 


DoDI S-5240.23 

Counterintelligence (CI) Activities in
Cyberspace 


Prevent and Delay Attackers 
and Prevent Attackers from Staying 



FIPS 200 

Minimum Security Requirements for 
Federal Information Systems 


SP 800-53 R4 

Security & Privacy Controls for 
Federal Information Systems 


SP 800-61 Rev 2 

Computer Security Incident Handling 
Guide 


SP 800-128 

Guide for Security-Focused 
Configuration Mgt of Info Systems 


DoDI O-8530.2
Support to Computer Network 
Defense (CND) 


SP 800-37 R1 

Guide for Applying the Risk Mgt 
Framework to Fed. Info. Systems 


SP 800-53A R4 

Assessing Security & Privacy Controls 
in Fed. Info. Systems & Orgs. 


SP 800-124, Rev 1 

Guidelines for Managing the Security of 
Mobile Devices in the Enterprise 


CNSSAM IA 1-10, Reducing Risk of 
Removable Media in NSS 


DoDD O-8530.1

Computer Network Defense (CND) 


DoDI 8551.1 

Ports, Protocols, and Services 
Management (PPSM) 


DoDM 5105.21 V1, SCI Admin Security
Manual: Info and Info Sys Security 


DoD O-8530.1-M

CND Service Provider Certification and 
Accreditation Program 


CJCSI 6510.01F
Information Assurance (IA) and 
Computer Network Defense (CND) 


CJCSM 6510.01B 
Cyber Incident Handling Program 


DoDI 8320.02 

Sharing Data, Info, and IT Services in 
the DoD 


DoD Information Sharing Strategy 


United States Intelligence Community 
Information Sharing Strategy 


DoDI 8582.01 

Security of Unclassified DoD 
Information on Non-DoD Info Systems 


ASD(NII)/DoD CIO Memo 
Use of Peer-to-Peer File Sharing 
Applications Across DoD 


CJCSI 6211.02D 

Defense Information System Network: 
(DISN) Responsibilities 




CJCSM 3213.02C, Ch 1 
Joint Staff Focal Point 
ABOUT THIS CHART

This chart organizes cybersecurity policies and guidance by 
Strategic Goal and Office of Primary Responsibility (see Color 
Key). Double-clicking on the box directs users to the 
authoritative source. 

Policies in italics indicate the document is marked for limited 
distribution or no authoritative public-facing hyperlink is 
currently available. 

The linked sites are not controlled by the developers of this 
chart. We check the integrity of the links on a regular basis, but 
you may occasionally experience an error message due to 
problems at the source site or the site's decision to move the 
document. Please let us know if you believe the link is no 
longer valid. 

CNSS policies only link to the CNSS site, per restrictions 
implemented by its website design. 

Boxes with red borders reflect recent updates. 

Note: Users of the iPad, iPhone or iPod Touch may find they 
can view this Chart but that its hyperlinks are inoperable, 
because of Apple's decision not to fully support certain Adobe 
products. For those who desire a workaround for this issue, 
there are apps in the iTunes store for less than $1.00. 

For the latest version of this chart go to
http://iac.dtic.mil/csiac/ia_policychart.html. You can sign up to be alerted by e-mail to
any updates to this document. 


Develop and Maintain Trust 




CNSSP-12 

National IA Policy for Space Systems 
Used to Support NSS 


CNSSP-21 

National IA Policy on Enterprise 
Architectures for NSS 


NSTISSD-600 

Communications Security (COMSEC)
Monitoring 


NSTISSI-7002 
TEMPEST Glossary 


CNSSI-5002, National Information 
Assurance (IA) Instruction for 
Computerized Telephone Systems 


DoDD 3100.10 
Space Policy 


DoDD 3020.40 

DoD Policy and Responsibilities for 
Critical Infrastructure 


DoDD 5144.02 

DoD Chief Information Officer 
DoDI 8581.01

IA Policy for Space Systems Used by 
the DoD 


Strengthen Cyber Readiness 


SP 800-18 R1 

Guide for Developing Security Plans 
for Federal Information Systems 

SP 800-126 R2 

SCAP Ver. 1.2 

SP 800-30, Rev. 1 

Guide for Conducting Risk 
Assessments 

SP 800-39 

Managing Information Security Risk 

SP 800-137 

Continuous Monitoring 

DoDD 3700.01 

DoD Command and Control (C2) 
Enabling Capabilities 


DoDD S-5100.44 

Defense and National Leadership 
Command Capability (DNLCC) 

DoDI 8560.01 

COMSEC Monitoring and Information 
Assurance Readiness Testing 






Sustain Missions 


CNSSP-18 

National Policy on Classified 
Information Spillage 


CNSSP-22, IA Risk Management 
Policy for National Security Systems, 
amended by CNSS-021-13 


CNSSP-300 

National Policy on Control of 
Compromising Emanations 


CNSSI-1001 

National Instruction on Classified 
Information Spillage 


CNSSI-4004.1, Destruction and 
Emergency Protection Procedures for 
COMSEC and Class. Material 


CNSSI-7000 

TEMPEST Countermeasures for 
Facilities 


NSTISSI-7001

NONSTOP Countermeasures 


DoDD 3020.26 

Department of Defense Continuity 
Programs 


DoDD 3020.44 
Defense Crisis Management 


DoDI 8410.02 

NetOps for the Global Information 
Grid (GIG)


Defense Acquisition Guidebook 
Section 7.5 Information Assurance 


NSA IA Directorate (IAD) Management 
Directive MD-10 
Cryptographic Key Protection 


Title 10 
Armed Forces 

(§§2224, 3013(b), 5013(b), 8013(b)) 


Title 14 

Cooperation With Other Agencies 
(Ch. 7: §§ 141, 144, 145, 148, 149, 150)


Title 32 

National Guard 

(§ 102)


Title 44 

Federal Information Security Mod. Act, 
(Chapter 35) 


Title 40 

Public Buildings, Property, and Works 
(Ch. 113: §§11302, 11315, 11331) 


Title 50 

War and National Defense 
(§§3002, 1801) 


Clinger-Cohen Act, Pub. L. 104-106 


UCP 

Unified Command Plan 
(US Constitution Art II, Title 10 & 50) 


Computer Fraud and Abuse Act 
Title 18 (§1030) 


Stored Communications Act 
Title 18 (§2701 et seq.)


Pen Registers and Trap and Trace 
Devices 

Title 18 (§3121 et seq.)


Executive Order 13691 
Promoting Private Sector Cybersecurity 
Information Sharing 


Foreign Intelligence Surveillance Act 
Title 50 (§1801 et seq.)


Executive Order 13231 
as Amended by EO 13286 - Critical 
Infrastructure Protection in the Info Age 


Executive Order 13587 
Structural Reforms To Improve 
Classified Nets 


Executive Order 13526 
Classified National Security Information 

NSD 42, National Policy for the 
Security of Nat’l Security Telecom and 
Information Systems 


NSPD 54/HSPD 23 
Computer Security and Monitoring 


PPD 28, Signals Intelligence Activities 


A-130, Management of Fed Info 
Resources 


FAR 

Federal Acquisition Regulation 


2015 National Security Strategy 


NIST Special Publication 800 Series 


Ethics Regulations 


CNSSD-502 

National Directive On Security of 
National Security Systems 


CNSSD-901 

Nat’l Security Telecomm’s and Info Sys 
Security (CNSS) Issuance System 


National Strategy to Secure 
Cyberspace 


NISTIR 7298, Rev 2, Glossary of Key 
Information Security Terms 


CNSSD-900, Governing Procedures of 
the Committee on National Security 
Systems 


CNSSI-4009 

National Information Assurance 
Glossary 


Federal Wiretap Act 
Title 18 (§2510 et seq.) 


Color Key - OPRs

ASD(NII)/ASD(C3I)/DOD CIO

NIST

CNSS/NSTISS

NSA

DISA

OSD

DNI

STRATCOM

JCS

USD(AT&L)

NIAP

USD(C)

USD(I)

USD(P)

USD(P&R)

Recently updated box

Expired,
Update pending


SD 527-01 

DoD INFOCON System Procedures 


SI 507-01 

NetOps Community of Interest (NCOI) 
Charter 


STRATCOM CONPLAN 8039-08


Computer Network Directives 
(CTO, FRAGO, WARNORD) 


SI 504-04 

Readiness Reporting 


SI 701-01 
NetOps Reporting 


STRATCOM OPLANs 




Security Configuration Guides (SCGs) 


Security Readiness Review Scripts 
(SRRs) 


Component-level Policy 
(Directives, Instructions, Publications, 
Memoranda) 


Security Technical Implementation 
Guides (STIGs) 


Distribution Statement A: Approved for Public Release. Distribution is unlimited. 